# SSL Certificate
### Notes
* This operation will interrupt Helmut's normal operation. Please plan a downtime window and ensure an up-to-date backup is done before changing any configuration.
* Please ensure the SSL certificate is signed and valid
* The .key must be RSA, we do not support elliptic-curve for now
* The .key file should not be password protected
* You need to use X509CO cert format
\
Traefik version 4.0.2.x:\
1.) Copy the certificate (*.crt*) and the (*.key*) files from your computer to the Helmut server */root/certs* folder. Make sure the files are named *server.crt* and *server.key* respectively\
2.) Access Portainer by going to [http://helmut\_server\_address:9000](http://helmut_server_address:9000/)\
3.) Go to Stacks
4.) Edit the Helmut4 stack file
5.) Check the SSL configuration on the Traefik service:
Make sure the following configuration
```
command: --configFile=/etc/traefik-ssl/traefik.toml
```
is available in your stack file version.\
\
If you **have** this line, and it starts with a #, delete this character to uncomment the line.\
If you **don't** have this line, please add it below the *image:* line\
\
The same with the volumes mount for the certificate which needs to be uncomment by deleting the #
```
- /root/certs:/certs
```
6.) Update the stack file
7.) Access Helmut webpage using *https:* and check if the certificate is loaded
### Convert pem certificate in crt / key
If the certificate is a pem one (it doesn't matter if it is a single one or a split one: cert + key) the easiest way to convert pem into a .crt & .key file is to open those in an editor and copy/paste the content in the appropriate server.\* file.\
Attention: please check that there is no empty line at the end of both files as this can lead to problems as we suggest to remove also comments\
\
This is an example of a pem containing key & certificate
If there are several certificates fo a CA-chain those need to be copied one after another which will look like this:
